Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
Apr 24, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky …
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Apr 23, 2025 | Ravie Lakshmanan | Malware / Cryptocurrency
Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy …
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
Apr 22, 2025 | Ravie Lakshmanan | IoT Security / Malware
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly …
Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
Apr 21, 2025 | Ravie Lakshmanan | Malware / Vulnerability
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence …
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed …
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Apr 19, 2025 | Ravie Lakshmanan | Linux / Malware
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - According to supply chain security firm Socket, the packages are designed to mimic …
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim …
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new …
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Apr 16, 2025 | Ravie Lakshmanan | Endpoint Security / Vulnerability
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named …
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Apr 15, 2025 | Ravie Lakshmanan | Linux / Malware
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save …